PSA for new bug bounty hunters: before you sink weeks into a program, check that the reward vault is actually funded on-chain, and screen out findings that need a privileged/admin action to trigger even if they are guaranteed to happen as per normal processes. Learned both the hard way. A "$100k max" banner means nothing if the vault holds $150. I don't like platforms like Immunefi and I will never submit another report there again. They have major issues.
[link] [comments]
from hacking: security in practice https://ift.tt/GbtW9TU
Comments
Post a Comment